From: Carl Worth <cworth@cworth.org>
Date: Fri, 25 Oct 2013 22:34:17 +0000 (-0700)
Subject: Fix buffer overrun in accumulate_program_metrics
X-Git-Url: https://git.cworth.org/git?p=fips;a=commitdiff_plain;h=3b579d69622d53b95c6259daf0ecb4f5d2b1798b

Fix buffer overrun in accumulate_program_metrics

The convention for the op_metrics array in the context is that callers
do not index it directly, but instead call ctx_get_op_metrics (which
will grow tha array if needed first).
---

diff --git a/metrics.c b/metrics.c
index c24ae3f..9f66ded 100644
--- a/metrics.c
+++ b/metrics.c
@@ -532,6 +532,7 @@ accumulate_program_metrics (metrics_op_t op, GLuint *result, GLuint size)
 
 	context_t *ctx = &current_context;
 	metrics_info_t *info = &ctx->metrics_info;
+	op_metrics_t *metrics = ctx_get_op_metrics (ctx, op);
 	unsigned char *p = (unsigned char *) result;
 
 	while (p < ((unsigned char *) result) + size)
@@ -585,7 +586,7 @@ accumulate_program_metrics (metrics_op_t op, GLuint *result, GLuint size)
 			break;
 		}
 
-		ctx->op_metrics[op].counters[group_index][counter_index] += value;
+		metrics->counters[group_index][counter_index] += value;
 	}
 }